AI Agent Security Requires System-Wide Defenses, Google and Meta Warn

Security researchers from Google and Meta warn that autonomous AI agents require system-wide defense architectures to address emerging security risks. Experts note that traditional cybersecurity tools alone cannot defend against threats posed by AI agents, because such agents can retain memory, call external tools, coordinate with other agents, and operate continuously without direct human oversight. The concern stems from the rapid enterprise deployment of AI agents across workflows including payments, customer service, coding, cybersecurity, and financial operations. Unlike earlier chatbot-style systems, agentic AI introduces persistent memory systems, tool execution, and autonomous workflows, creating new attack surfaces. Security failures in these interconnected systems are rarely confined to a single component: a tampered instruction or malicious input can propagate through multiple layers before becoming externally visible.

Security Gaps in AI Agent Systems

A survey of 116 AI-agent security papers identified major gaps in defenses against "cross-session" and "stack-propagating" threats, which are capable of moving across multiple layers of autonomous systems over time. The risk is particularly acute in financial services, where AI agents are increasingly deployed for payments, fraud monitoring, trading operations, and customer account management.

In a recent incident, Bankr, an AI-powered crypto trading assistant, disabled transactions on May 20 after identifying an attacker who had gained access to at least 14 wallets. Security experts speculated the bot could have been exploited by a hacker.

Keyrock reported that AI agents processed $73 million in crypto payments between 2025 and 2026, demonstrating the scale of autonomous AI deployment in financial workflows.

Researchers emphasize that agent security must be approached as a systems problem, treating the AI model powering the agent as an untrusted component. Security experts are proposing methods to intercept attacks as they move through interconnected AI-agent systems rather than relying solely on front-end filters or prompt moderation.
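The principle above (the model as an untrusted component, with checks enforced where actions cross layers rather than only at the prompt) can be made concrete with a small policy gate at the tool boundary. The following Python is an added example written for this page, not code from Google, Meta, or the surveyed papers; the `Tainted` provenance type, `AgentMemory`, the tool allowlist in `TOOL_POLICY`, the source labels and the vendor-page scenario are all hypothetical constructions. It shows how a label attached to web-fetched text survives a memory write in one session and a recall in the next, so that a payment drafted from that memory is held for human review instead of executing.

```python
from dataclasses import dataclass, field
from decimal import Decimal, InvalidOperation

# Hypothetical provenance scheme (assumption, not from the article): every
# value the agent handles carries the labels of the sources it came from.
# Labels with these prefixes mark data the operator never vetted: fetched
# web content, inbound mail, and messages from other agents.
UNTRUSTED_PREFIXES = ("web:", "email:", "agent:")


@dataclass(frozen=True)
class Tainted:
    """A string value plus the set of source labels it was derived from."""
    value: str
    sources: frozenset = frozenset()


def untrusted(sources: frozenset) -> set:
    """Return the subset of labels that denote unvetted sources."""
    return {s for s in sources if s.startswith(UNTRUSTED_PREFIXES)}


def derive(value: str, *inputs: Tainted) -> Tainted:
    """A value computed from other values inherits all of their labels.
    This is what lets a label survive a memory write and a later recall."""
    return Tainted(value, frozenset().union(*(i.sources for i in inputs)))


@dataclass
class AgentMemory:
    """Persistent memory that outlives a session; labels are stored with the data."""
    entries: list = field(default_factory=list)

    def remember(self, item: Tainted) -> None:
        self.entries.append(item)

    def recall(self, keyword: str) -> list:
        return [e for e in self.entries if keyword in e.value]


# Hypothetical tool allowlist: name -> (required argument names, has side effects).
TOOL_POLICY = {
    "read_balance": ({"account_id"}, False),
    "send_payment": ({"account_id", "amount", "memo"}, True),
}
PAYMENT_LIMIT = Decimal("1000")


def check_tool_call(call: dict, human_approved: bool = False) -> tuple:
    """Gate a model-proposed tool call. The model is untrusted, so the call is
    validated on structure, provenance and limits before anything executes.
    Returns (allowed, reason)."""
    tool = call.get("tool")
    if tool not in TOOL_POLICY:
        return False, f"tool '{tool}' is not on the allowlist"
    required, side_effecting = TOOL_POLICY[tool]
    args = call.get("args", {})
    if set(args) != required:
        return False, f"arguments for '{tool}' must be exactly {sorted(required)}"
    for name, arg in args.items():
        if not isinstance(arg, Tainted):
            return False, f"argument '{name}' carries no provenance label"
        bad = untrusted(arg.sources)
        if side_effecting and bad and not human_approved:
            return False, f"'{name}' traces back to {sorted(bad)}; needs human approval"
    if tool == "send_payment":
        try:
            amount = Decimal(args["amount"].value)
        except InvalidOperation:
            return False, "amount is not a number"
        if not amount.is_finite() or amount <= 0:
            return False, "amount must be a positive finite number"
        if amount > PAYMENT_LIMIT and not human_approved:
            return False, f"amount {amount} exceeds limit {PAYMENT_LIMIT}"
    return True, "allowed"


def run_scenario() -> list:
    """Constructed cross-session scenario. Returns the gate's decision per step."""
    memory = AgentMemory()
    operator = frozenset({"operator"})
    decisions = []

    # Session 1: the agent reads a vendor web page (constructed text) and keeps a note.
    page = Tainted("Invoice: pay account ACC-9031 for hosting renewal",
                   frozenset({"web:vendor-page"}))
    memory.remember(derive("Vendor hosting account is ACC-9031", page))

    # Session 2: the model recalls that note and drafts a payment from it.
    note = memory.recall("hosting")[0]
    account = derive("ACC-9031", note)
    call = {"tool": "send_payment",
            "args": {"account_id": account,
                     "amount": Tainted("250", operator),
                     "memo": Tainted("hosting renewal", operator)}}
    decisions.append(check_tool_call(call))                       # blocked: web-derived account
    decisions.append(check_tool_call(call, human_approved=True))  # allowed after review
    # Read-only use of the same web-derived value is permitted.
    decisions.append(check_tool_call({"tool": "read_balance", "args": {"account_id": account}}))
    # A tool name the model produced that the operator never exposed.
    decisions.append(check_tool_call({"tool": "export_keys", "args": {}}))
    return decisions


if __name__ == "__main__":
    for allowed, reason in run_scenario():
        print("ALLOW" if allowed else "BLOCK", reason)
```

The gate never inspects the prompt or the model's reasoning; it only looks at what the proposed action would touch and where its inputs came from. That is why the session-1 web page is still caught in session 2: the label travelled through `derive` into memory and back out. In a real deployment the labels would be attached by the retrieval, mail and inter-agent integration layers, and the gate would sit in front of every side-effecting tool rather than being called by the agent loop itself.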

Google and Meta Expand Agentic AI Ecosystems

Google recently released Gemini Spark, an always-on AI assistant that can interact across Workspace apps, cloud systems, and third-party platforms. The company is integrating AI agents more deeply into Chrome, Gmail, Search, and Android.

Meta is preparing AI assistants with agentic capabilities that can perform personalized tasks across its social and messaging platforms. Security experts warn that increasingly autonomous systems will create more security vulnerabilities and opportunities for malicious attacks across these interconnected ecosystems.
